Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Glossary of Terms

Alternate Exhaust Interface

An eth2 interface configured (optionally) to contain analysis engine CnC traffic off the management network (eth0).

Anti-SIEM

A Juniper ATP Appliance Advanced Threat Analytics (ATA) feature that allows for more detailed endpoint and log ingestion handling, management and reporting; includes Active Directory, Splunk and Direct Log Ingestion options.

AWS

Amazon Web Services and EC2 management console from which Juniper ATP Appliance administrators can configure vCore AMI images.

Blocklist

A list or register of entities to be denied a specified access or privilege. During detection engine analysis, when content matches any pattern on the blocklist, the content is deemed malicious and therefore an alert or block action is enacted immediately.

Collector

Juniper ATP Appliance’s Traffic inspection and object collection mechanism

CnC server

Command and control server that directs the operation of a botnet.

CLI

Command-line interface. The Juniper ATP Appliance has a CLI interface for administering the appliance.

CM

The Juniper ATP Appliance Central Manager component that has a web-based graphical user interface.

Darkspace

Currently unused address space.

DHCP

Dynamic Host Configuration Protocol.

DMZ

Demilitarized zone. An area of the network where systems have direct access to the Internet or an external network.

DNS

Domain Name Service.

Event

Indicates a type of security intrusion or attack.

Greylist

Greylists provide control over the priority of workorders for known IP addresses and URLs. Greylists contain files that contain either URLs or IP addresses and are used by the Juniper ATP Appliance analysis engines to check if the specified URLs or IP addresses contain a malicious rule match.

GUI

Graphical user interface. The Juniper ATP Appliance uses a web-based GUI for managing the appliance.

Known botnet server bot command

Events that are triggered when the appliance sees any of the common IRC bot commands or detects any communication sent to known botnet servers.

Lateral Detection

East-west detection of malware within the enterprise spread from endpoint host to host.

Malware

Malicious software used by attackers to disrupt, control, steal, cause data loss, spy upon, or gain unauthorized access to computer systems.

NTP

Network Time Protocol.

OS-anomaly

Events that indicate modification of the operating system.

OSPF

Open Shortest Path First. A protocol that computes an optimal path for traffic in a TCP/IP network.

Sandbox mode

A mode in which malware is permitted to run, but results of the malware action are restricted to the virtual machine and not permitted to escape.

SNMP

Simple Network Management Protocol.

spyware

A type of malware installed on computers that collects small pieces of information about user(s) it is spying on.

SSL

Secure Sockets Layer.

TLS

Transport Layer Security.

VLAN

Virtual Local Area Network.

VM

Virtual Machine. A software program that runs an instance of an operating system. The operating system runs on top of a program that emulates a hardware system.

Worm

A self-replicating malware program that uses a computer network to send copies of itself to other computers. This may be done without any user intervention.

Zero-day attack

An attack by malware that exploits unknown or newly discovered vulnerabilities in software before they become known or before security patches are applied to fix them

Related Documentation